blob: a5d25d07d57eccafbcab53834f00998bb24b9ba2 [file] [log] [blame]
<?xml version="1.0"?>
<!--
link:../matter-defines.adoc[]
Copyright (C) Connectivity Standards Alliance (2021). All rights reserved.
The information within this document is the property of the Connectivity
Standards Alliance and its use and disclosure are restricted, except as
expressly set forth herein.
Connectivity Standards Alliance hereby grants you a fully-paid, non-exclusive,
nontransferable, worldwide, limited and revocable license (without the right to
sublicense), under Connectivity Standards Alliance's applicable copyright
rights, to view, download, save, reproduce and use the document solely for your
own internal purposes and in accordance with the terms of the license set forth
herein. This license does not authorize you to, and you expressly warrant that
you shall not: (a) permit others (outside your organization) to use this
document; (b) post or publish this document; (c) modify, adapt, translate, or
otherwise change this document in any manner or create any derivative work
based on this document; (d) remove or modify any notice or label on this
document, including this Copyright Notice, License and Disclaimer. The
Connectivity Standards Alliance does not grant you any license hereunder other
than as expressly stated herein.
Elements of this document may be subject to third party intellectual property
rights, including without limitation, patent, copyright or trademark rights,
and any such third party may or may not be a member of the Connectivity
Standards Alliance. Connectivity Standards Alliance members grant other
Connectivity Standards Alliance members certain intellectual property rights as
set forth in the Connectivity Standards Alliance IPR Policy. Connectivity
Standards Alliance members do not grant you any rights under this license. The
Connectivity Standards Alliance is not responsible for, and shall not be held
responsible in any manner for, identifying or failing to identify any or all
such third party intellectual property rights. Please visit www.csa-iot.org for
more information on how to become a member of the Connectivity Standards
Alliance.
This document and the information contained herein are provided on an “AS IS”
basis and the Connectivity Standards Alliance DISCLAIMS ALL WARRANTIES EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO (A) ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OF THIRD PARTIES (INCLUDING
WITHOUT LIMITATION ANY INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENT, COPYRIGHT
OR TRADEMARK RIGHTS); OR (B) ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE, TITLE OR NONINFRINGEMENT. IN NO EVENT WILL THE
CONNECTIVITY STANDARDS ALLIANCE BE LIABLE FOR ANY LOSS OF PROFITS, LOSS OF
BUSINESS, LOSS OF USE OF DATA, INTERRUPTION OF BUSINESS, OR FOR ANY OTHER
DIRECT, INDIRECT, SPECIAL OR EXEMPLARY, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL
DAMAGES OF ANY KIND, IN CONTRACT OR IN TORT, IN CONNECTION WITH THIS DOCUMENT
OR THE INFORMATION CONTAINED HEREIN, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
LOSS OR DAMAGE.
All company, brand and product names in this document may be trademarks that
are the sole property of their respective owners.
This notice and disclaimer must be included on all copies of this document.
Connectivity Standards Alliance
508 Second Street, Suite 206
Davis, CA 95616, USA
-->
<cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="types types.xsd cluster cluster.xsd" id="0x003e" name="Operational Credentials" revision="1">
<revisionHistory>
<revision revision="1" summary="Initial Release"/>
</revisionHistory>
<classification hierarchy="base" role="utility" picsCode="OPCREDS" scope="Node"/>
<dataTypes>
<number name="Attestation Elements" type=""/>
<number name="Attestation Information" type=""/>
<number name="NOCSR Elements" type=""/>
<number name="NOCSR Information" type=""/>
<number name="RESP_MAX Constant" type=""/>
<enum name="CertificateChainTypeEnum">
<item value="1" name="DACCertificate" summary="Request the DER-encoded DAC certificate">
<mandatoryConform/>
</item>
<item value="2" name="PAICertificate" summary="Request the DER-encoded PAI certificate">
<mandatoryConform/>
</item>
</enum>
<enum name="NodeOperationalCertStatusEnum">
<item value="0" name="OK" summary="OK, no error">
<mandatoryConform/>
</item>
<item value="1" name="InvalidPublicKey" summary="[[ref_InvalidPublicKey]] Public Key in the NOC does not match the public key in the NOCSR">
<mandatoryConform/>
</item>
<item value="2" name="InvalidNodeOpId" summary="[[ref_InvalidOperationalId]] The Node Operational ID in the NOC is not formatted correctly.">
<mandatoryConform/>
</item>
<item value="3" name="InvalidNOC" summary="[[ref_InvalidNoc]] Any other validation error in NOC chain">
<mandatoryConform/>
</item>
<item value="4" name="MissingCsr" summary="[[ref_MissingCsr]] No record of prior CSR for which this NOC could match">
<mandatoryConform/>
</item>
<item value="5" name="TableFull" summary="[[ref_TableFull]] NOCs table full, cannot add another one">
<mandatoryConform/>
</item>
<item value="6" name="InvalidAdminSubject" summary="[[ref_InvalidAdminSubject]] Invalid CaseAdminSubject field for an AddNOC command.">
<mandatoryConform/>
</item>
<item value="7" summary="Reserved for future use">
<mandatoryConform/>
</item>
<item value="8" summary="Reserved for future use">
<mandatoryConform/>
</item>
<item value="9" name="FabricConflict" summary="[[ref_FabricConflict]] Trying to AddNOC instead of UpdateNOC against an existing Fabric.">
<mandatoryConform/>
</item>
<item value="10" name="LabelConflict" summary="[[ref_LabelConflict]] Label already exists on another Fabric.">
<mandatoryConform/>
</item>
<item value="11" name="InvalidFabricIndex" summary="[[ref_InvalidFabricIndex]] FabricIndex argument is invalid.">
<mandatoryConform/>
</item>
</enum>
<struct name="FabricDescriptorStruct">
<field id="1" name="RootPublicKey" type="&lt;&lt;ref_DataTypeOctstr&gt;&gt;">
<mandatoryConform/>
<constraint type="allowed" value="65"/>
</field>
<field id="2" name="VendorID" type="&lt;&lt;ref_DataTypeVendorId&gt;&gt;">
<mandatoryConform/>
<constraint type="desc"/>
</field>
<field id="3" name="FabricID" type="fabric-id">
<mandatoryConform/>
</field>
<field id="4" name="NodeID" type="node-id">
<mandatoryConform/>
</field>
<field id="5" name="Label" type="string" default="&quot;">
<mandatoryConform/>
<constraint type="maxLength" value="32"/>
</field>
</struct>
<struct name="NOCStruct">
<field id="1" name="NOC" type="&lt;&lt;ref_DataTypeOctstr&gt;&gt;">
<access fabricSensitive="true"/>
<mandatoryConform/>
<constraint type="max" value="400"/>
</field>
<field id="2" name="ICAC" type="&lt;&lt;ref_DataTypeOctstr&gt;&gt;">
<access fabricSensitive="true"/>
<quality nullable="true"/>
<mandatoryConform/>
<constraint type="max" value="400"/>
</field>
</struct>
</dataTypes>
<attributes>
<attribute id="0x0000" name="NOCs" type="&lt;&lt;ref_DataTypeList&gt;&gt;[NOCStruct Type]">
<access read="true" readPrivilege="admin"/>
<quality changeOmitted="true" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/>
<mandatoryConform/>
<constraint type="max" value="SupportedFabrics"/>
</attribute>
<attribute id="0x0001" name="Fabrics" type="&lt;&lt;ref_DataTypeList&gt;&gt;[FabricDescriptorStruct Type]">
<access read="true" readPrivilege="view"/>
<quality changeOmitted="false" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/>
<mandatoryConform/>
<constraint type="max" value="SupportedFabrics"/>
</attribute>
<attribute id="0x0002" name="SupportedFabrics" type="uint8">
<access read="true" readPrivilege="view"/>
<quality changeOmitted="false" nullable="false" scene="false" persistence="fixed" reportable="false"/>
<mandatoryConform/>
<constraint type="between" from="5" to="254"/>
</attribute>
<attribute id="0x0003" name="CommissionedFabrics" type="uint8">
<access read="true" readPrivilege="view"/>
<quality changeOmitted="false" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/>
<mandatoryConform/>
<constraint type="max" value="SupportedFabrics"/>
</attribute>
<attribute id="0x0004" name="TrustedRootCertificates" type="&lt;&lt;ref_DataTypeList&gt;&gt;[&lt;&lt;ref_DataTypeOctstr&gt;&gt;]">
<access read="true" readPrivilege="view"/>
<quality changeOmitted="true" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/>
<mandatoryConform/>
</attribute>
<attribute id="0x0005" name="CurrentFabricIndex" type="uint8" default="0">
<access read="true" readPrivilege="view"/>
<mandatoryConform/>
</attribute>
</attributes>
<commands>
<command id="0x00" name="AttestationRequest" response="AttestationResponse">
<access invokePrivilege="admin"/>
<mandatoryConform/>
<field id="0" name="AttestationNonce" type="octets">
<mandatoryConform/>
<constraint type="maxLength" value="32"/>
</field>
</command>
<command id="0x01" name="AttestationResponse" direction="responseFromServer">
<access invokePrivilege="operate"/>
<mandatoryConform/>
<field id="0" name="AttestationElements" type="octets">
<mandatoryConform/>
<constraint type="maxLength" value="RESP_MAX"/>
</field>
<field id="1" name="AttestationSignature" type="octets">
<mandatoryConform/>
<constraint type="maxLength" value="64"/>
</field>
</command>
<command id="0x02" name="CertificateChainRequest" response="CertificateChainResponse">
<access invokePrivilege="admin"/>
<mandatoryConform/>
<field id="0" name="CertificateType" type="CertificateChainTypeEnum">
<mandatoryConform/>
<constraint type="desc"/>
</field>
</command>
<command id="0x03" name="CertificateChainResponse" direction="responseFromServer">
<access invokePrivilege="operate"/>
<mandatoryConform/>
<field id="0" name="Certificate" type="octets">
<mandatoryConform/>
<constraint type="maxLength" value="600"/>
</field>
</command>
<command id="0x04" name="CSRRequest" response="CSRResponse">
<access invokePrivilege="admin"/>
<mandatoryConform/>
<field id="0" name="CSRNonce" type="octets">
<mandatoryConform/>
<constraint type="maxLength" value="32"/>
</field>
<field id="1" name="IsForUpdateNOC" type="bool" default="false">
<optionalConform/>
</field>
</command>
<command id="0x05" name="CSRResponse" direction="responseFromServer">
<access invokePrivilege="operate"/>
<mandatoryConform/>
<field id="0" name="NOCSRElements" type="octets">
<mandatoryConform/>
<constraint type="maxLength" value="RESP_MAX"/>
</field>
<field id="1" name="AttestationSignature" type="octets">
<mandatoryConform/>
<constraint type="maxLength" value="64"/>
</field>
</command>
<command id="0x06" name="AddNOC" response="NOCResponse">
<access invokePrivilege="admin"/>
<mandatoryConform/>
<field id="0" name="NOCValue" type="&lt;&lt;ref_DataTypeOctstr&gt;&gt;">
<mandatoryConform/>
<constraint type="max" value="400"/>
</field>
<field id="1" name="ICACValue" type="&lt;&lt;ref_DataTypeOctstr&gt;&gt;">
<optionalConform/>
<constraint type="max" value="400"/>
</field>
<field id="2" name="IPKValue" type="&lt;&lt;ref_DataTypeOctstr&gt;&gt;">
<mandatoryConform/>
<constraint type="allowed" value="16"/>
</field>
<field id="3" name="CaseAdminSubject" type="&lt;&lt;SubjectID&gt;&gt;">
<mandatoryConform/>
</field>
<field id="4" name="AdminVendorId" type="&lt;&lt;ref_DataTypeVendorId&gt;&gt;">
<mandatoryConform/>
</field>
</command>
<command id="0x07" name="UpdateNOC" response="NOCResponse">
<access invokePrivilege="admin" fabricScoped="true"/>
<mandatoryConform/>
<field id="0" name="NOCValue" type="octets">
<mandatoryConform/>
<constraint type="maxLength" value="400"/>
</field>
<field id="1" name="ICACValue" type="octets">
<optionalConform/>
<constraint type="maxLength" value="400"/>
</field>
</command>
<command id="0x08" name="NOCResponse" direction="responseFromServer">
<access invokePrivilege="operate"/>
<mandatoryConform/>
<field id="0" name="StatusCode" type="NodeOperationalCertStatusEnum">
<mandatoryConform/>
</field>
<field id="1" name="FabricIndex" type="fabric-idx">
<optionalConform/>
<constraint type="between" from="1" to="254"/>
</field>
<field id="2" name="DebugText" type="string">
<optionalConform/>
<constraint type="maxLength" value="128"/>
</field>
</command>
<command id="0x09" name="UpdateFabricLabel" response="NOCResponse">
<access invokePrivilege="admin" fabricScoped="true"/>
<mandatoryConform/>
<field id="0" name="Label" type="string">
<mandatoryConform/>
<constraint type="maxLength" value="32"/>
</field>
</command>
<command id="0x0a" name="RemoveFabric" response="NOCResponse">
<access invokePrivilege="admin"/>
<mandatoryConform/>
<field id="0" name="FabricIndex" type="fabric-idx">
<mandatoryConform/>
<constraint type="between" from="1" to="254"/>
</field>
</command>
<command id="0x0b" name="AddTrustedRootCertificate" response="Y">
<access invokePrivilege="admin"/>
<mandatoryConform/>
<field id="0" name="RootCACertificate" type="&lt;&lt;ref_DataTypeOctstr&gt;&gt;">
<mandatoryConform/>
<constraint type="max" value="400"/>
</field>
</command>
</commands>
</cluster>